From 2473f90c5cb94d027e11ba7c36178aeb462f93a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 19 Jan 2018 22:05:39 +0100 Subject: [PATCH] Full upgrade - Add multi instance support - Remove offical helper in common.sh - Improve turnserver config - Update checkprocess - Check synapse is fully started before the end script - Use helper nginx ynh_add_nginx_config --- README.md | 11 +++ check_process | 17 +++- conf/coturn-synapse.service | 27 +++++ conf/homeserver.yaml | 12 +-- conf/log.yaml | 2 +- conf/matrix-synapse.service | 10 +- conf/turnserver.conf | 11 ++- conf/virtualenv_activate | 2 +- manifest.json | 4 +- scripts/_common.sh | 192 +++++++++++++++++++----------------- scripts/backup | 15 +-- scripts/install | 58 ++++++----- scripts/psql.sh | 1 - scripts/remove | 40 ++++---- scripts/restore | 23 ++--- scripts/upgrade | 62 +++++++++--- 16 files changed, 299 insertions(+), 188 deletions(-) create mode 100644 conf/coturn-synapse.service diff --git a/README.md b/README.md index 8a49220..c7e5b1e 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,17 @@ To solve the issue [#30](https://github.com/YunoHost-Apps/synapse_ynh/issues/30) `yunohost app setting synapse disable_backup_before_upgrade -v 1` +Multi instance support +---------------------- + +To give a possiblity to have multiple domain you can use synapse in multiple instance. In this case all instance will run on differents port so it's really important to use put a SRV record in your domain. You can get the port that your need to put in your SRV record by this following command : +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before to install a second instance of the app it's really recommend to update all instance already installed. + + Migration from old package -------------------------- diff --git a/check_process b/check_process index 8d35bbf..c333f41 100644 --- a/check_process +++ b/check_process 
@@ -3,24 +3,26 @@ # Commentaire ignoré ; Manifest domain="domain.tld" (DOMAIN) - path="/_matrix" (PATH) + path="/_matrix/client/#/login" (PATH) is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 - setup_sub_dir=0 + setup_sub_dir=1 setup_root=0 - setup_nourl=1 + setup_nourl=0 setup_private=0 setup_public=1 upgrade=1 + upgrade=1 from_commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009 + upgrade=1 from_commit=bfc07c81c1bcac1b939838209bba6934fec35625 backup_restore=1 - multi_instance=0 + multi_instance=1 wrong_user=0 wrong_path=1 incorrect_path=0 corrupt_source=1 fail_download_source=1 - port_already_use=1 (8008) + port_already_use=1 (8448) final_path_already_use=1 change_url=0 ;;; Levels @@ -34,3 +36,8 @@ Level 8=0 Level 9=0 Level 10=0 +;;; Upgrade options + ; commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009 + name=Before multi_instance + ; commit=bfc07c81c1bcac1b939838209bba6934fec35625 + name=Old version package \ No newline at end of file diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service new file mode 100644 index 0000000..94884a7 --- /dev/null +++ b/conf/coturn-synapse.service @@ -0,0 +1,27 @@ +[Unit] +Description=coturn +Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1) +After=syslog.target network.target + +[Service] +User=turnserver +Group=turnserver +Type=forking +EnvironmentFile=/etc/default/coturn-__APP__ +PIDFile=/var/run/coturn-__APP__/turnserver.pid +RuntimeDirectory=coturn-__APP__ +RuntimeDirectoryMode=0755 +ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS +ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid +Restart=on-abort + +LimitCORE=infinity +LimitNOFILE=999999 +LimitNPROC=60000 +LimitRTPRIO=infinity +LimitRTTIME=7000000 +CPUSchedulingPolicy=other +UMask=0007 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index c43fbad..0d17b22 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml 
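Review bot: In conf/coturn-synapse.service, `LimitCORE=infinity` lets a crashing turnserver write an unbounded core dump, and that process has loaded the TLS private key (`pkey=` in turnserver.conf) and the TURN secret substituted into coturn.conf. Unless core dumps are needed for debugging, `LimitCORE=0` is the safer default. The unit also sets no sandboxing for a daemon that listens on a public port. `NoNewPrivileges=true` and `PrivateTmp=true` would be low-risk additions, to be tested against the `Type=forking` start-up.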
@@ -10,7 +10,7 @@ tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem" tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem" # PEM dh parameters for ephemeral keys -tls_dh_params_path: "/etc/matrix-synapse/dh.pem" +tls_dh_params_path: "/etc/matrix-__APP__/dh.pem" # Don't bind to the https port no_tls: False @@ -20,7 +20,7 @@ no_tls: False server_name: "__DOMAIN__" # When running as a daemon, the file to store the pid in -pid_file: "/var/run/matrix-synapse.pid" +pid_file: "/var/run/matrix-__APP__.pid" # Whether to serve a web client from the HTTP/HTTPS root resource. web_client: False @@ -113,7 +113,7 @@ database: args: user: __SYNAPSE_DB_USER__ password: __SYNAPSE_DB_PWD__ - database: matrix_synapse + database: matrix___APP__ host: localhost cp_min: 5 cp_max: 10 @@ -123,7 +123,7 @@ event_cache_size: "10K" # A yaml python logging config file -log_config: "/etc/matrix-synapse/log.yaml" +log_config: "/etc/matrix-__APP__/log.yaml" # Stop twisted from discarding the stack traces of exceptions in # deferreds by waiting a reactor tick before running a deferred's @@ -161,7 +161,7 @@ federation_rc_concurrent: 3 # Directory where uploaded images and attachments are stored. -media_store_path: "/var/lib/matrix-synapse/media" +media_store_path: "/var/lib/matrix-__APP__/media" # The largest allowed upload size in bytes max_upload_size: "10M" @@ -353,7 +353,7 @@ expire_access_token: False ## Signing Keys ## # Path to the signing key to sign messages with -signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" +signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key" # The keys that the server used to sign messages with but won't use # to sign new messages. E.g. it has lost its private key diff --git a/conf/log.yaml b/conf/log.yaml index 97846ec..62e0bb7 100644 --- a/conf/log.yaml +++ b/conf/log.yaml 
@@ -14,7 +14,7 @@ handlers: file: class: logging.handlers.RotatingFileHandler formatter: precise - filename: /var/log/matrix-synapse/homeserver.log + filename: /var/log/matrix-__APP__/homeserver.log maxBytes: 104857600 backupCount: 10 filters: [context] diff --git a/conf/matrix-synapse.service b/conf/matrix-synapse.service index c415f71..f6207c1 100644 --- a/conf/matrix-synapse.service +++ b/conf/matrix-synapse.service @@ -3,11 +3,11 @@ Description=Synapse Matrix homeserver [Service] Type=simple -User=matrix-synapse -WorkingDirectory=/var/lib/matrix-synapse -EnvironmentFile=/etc/default/matrix-synapse -ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys -ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ +User=matrix-__APP__ +WorkingDirectory=/var/lib/matrix-__APP__ +EnvironmentFile=/etc/default/matrix-__APP__ +ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys +ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ Restart=always RestartSec=3 diff --git a/conf/turnserver.conf b/conf/turnserver.conf index a8506fe..3c4d578 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf 
@@ -5,10 +5,17 @@ realm=__DOMAIN__ no-stun tls-listening-port=__TLS_PORT__ +alt-tls-listening-port=__TLS_ALT_PORT__ +cli-port=__CLI_PORT__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem -dh-file=/etc/yunohost/certs/__DOMAIN__/dh.pem +dh-file=/etc/matrix-__APP__/dh.pem no-sslv2 -no-sslv3 \ No newline at end of file +no-sslv3 +no-udp +no-tcp + +log-file=/var/log/matrix-__APP__/turnserver.log +pidfile="/var/run/coturn-__APP__/turnserver.pid" diff --git a/conf/virtualenv_activate b/conf/virtualenv_activate index ae3c5b2..df0ab76 100644 --- a/conf/virtualenv_activate +++ b/conf/virtualenv_activate @@ -40,7 +40,7 @@ deactivate () { # unset irrelevant variables deactivate nondestructive -VIRTUAL_ENV="/opt/yunohost/matrix-synapse" +VIRTUAL_ENV="__FINAL_PATH__" export VIRTUAL_ENV _OLD_VIRTUAL_PATH="$PATH" diff --git a/manifest.json b/manifest.json index 5103d38..5c02f1b 100644 --- a/manifest.json +++ b/manifest.json @@ -3,7 +3,7 @@ "id": "synapse", "packaging_format": 1, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 2.7.7" }, "description": { "en": "Instant messaging server who use matrix", @@ -16,7 +16,7 @@ "name": "Josué Tille", "email": "josue@tille.ch" }, - "multi_instance": false, + "multi_instance": true, "services": [ "nginx" ], diff --git a/scripts/_common.sh b/scripts/_common.sh index f06ae36..5063c87 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -2,9 +2,9 @@ # Retrieve arguments app=$YNH_APP_INSTANCE_NAME -synapse_user="matrix-synapse" -synapse_db_name="matrix_synapse" -synapse_db_user="matrix_synapse" +synapse_user="matrix-$app" +synapse_db_name="matrix_$app" +synapse_db_user="matrix_$app" get_app_version_from_json() { manifest_path="../manifest.json" 
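Review bot: In conf/turnserver.conf, `cli-port=__CLI_PORT__` keeps coturn's telnet admin console enabled for every instance, and the visible lines set neither `cli-password` nor `cli-ip`. If the package does not use the console, `no-cli` removes the listener and the extra port allocation; otherwise it should get a per-instance `cli-password`. The TLS section still only excludes SSLv2 and SSLv3, so `no-tlsv1` and `no-tlsv1_1` are worth adding if the installed coturn supports them. The start of the file is outside this hunk, so some of these may already be set there.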
@@ -23,21 +23,21 @@ install_dependances() { setup_dir() { # Create empty dir for synapse - mkdir -p /var/lib/matrix-synapse - mkdir -p /var/log/matrix-synapse - mkdir -p /var/log/turnserver - mkdir -p /etc/matrix-synapse/conf.d + mkdir -p /var/lib/matrix-$app + mkdir -p /var/log/matrix-$app + mkdir -p /etc/matrix-$app/conf.d mkdir -p $final_path } set_permission() { # Set permission chown $synapse_user:root -R $final_path - chown $synapse_user:root -R /var/lib/matrix-synapse - chown $synapse_user:root -R /var/log/matrix-synapse - chown turnserver:root -R /var/log/turnserver - chown $synapse_user:root -R /etc/matrix-synapse - chmod 600 /etc/matrix-synapse/dh.pem + chown $synapse_user:root -R /var/lib/matrix-$app + chown $synapse_user:root -R /var/log/matrix-$app + chown $synapse_user:root -R /etc/matrix-$app + chmod 600 /etc/matrix-$app/dh.pem + setfacl -R -m user:turnserver:rx /etc/matrix-$app + setfacl -R -m user:turnserver:rwx /var/log/matrix-$app } install_source() { @@ -51,6 +51,7 @@ install_source() { # Install synapse in virtualenv PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate + ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate source $final_path/bin/activate pip install --upgrade pip pip install --upgrade setuptools 
@@ -66,42 +67,46 @@ install_source() { fi } -config_nginx() { - cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf - - ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf - ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf - - systemctl reload nginx.service -} - config_synapse() { - cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml - cp ../conf/log.yaml /etc/matrix-synapse/log.yaml + ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml + ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml + cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml + cp ../conf/log.yaml /etc/matrix-$app/log.yaml - ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml + ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml + ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml + ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml + ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml + ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml + ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml + ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml + + ynh_replace_string 
__APP__ $app /etc/matrix-$app/log.yaml if [ "$is_public" = "0" ] then - ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml else - ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml fi + + ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml + ynh_store_file_checksum /etc/matrix-$app/log.yaml } config_coturn() { - cp ../conf/default_coturn /etc/default/coturn - cp ../conf/turnserver.conf /etc/turnserver.conf + ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf + cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf - ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf - ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf - ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf + ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf + ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf + ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf + ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf + ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf + ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf + + ynh_store_file_checksum /etc/matrix-$app/coturn.conf } ####### Solve issue https://dev.yunohost.org/issues/1006 
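Review bot: config_synapse and config_coturn substitute `$synapse_db_pwd` and `$turnserver_pwd` into files created by plain `cp`, so `homeserver.yaml` and `coturn.conf` keep whatever mode the umask gives them; set_permission only tightens `dh.pem`. Adding `chmod o-rwx /etc/matrix-$app/homeserver.yaml /etc/matrix-$app/coturn.conf` right after the `cp` calls, before the secrets are written, keeps them from other local users without disturbing the turnserver ACL mask. `ynh_backup_if_checksum_is_different` keeps a copy of the previous file, secrets included, so wherever those copies land needs the same restriction. The expansions passed to `ynh_replace_string` are unquoted; `"$domain"` and `"$turnserver_pwd"` avoid word splitting.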
@@ -147,59 +152,68 @@ ynh_package_install_from_equivs () { ynh_package_is_installed "$pkgname" } -# Implement PR : https://github.com/YunoHost/yunohost/pull/392 +# Start or restart a service and follow its booting +# +# usage: ynh_check_starting "Line to match" [service name] [Log file] [Timeout] +# +# | arg: Line to match - The line to find in the log to attest the service have finished to boot. +# | arg: Log file - The log file to watch +# /var/log/$app/$app.log will be used if no other log is defined. +# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. +ynh_check_starting () { + local line_to_match="$1" + local service_name="${2:-$app}" + local app_log="${3:-/var/log/$app/$app.log}" + local timeout=${4:-300} -# Use logrotate to manage the logfile -# -# usage: ynh_use_logrotate [logfile] [--non-append] -# | arg: logfile - absolute path of logfile -# | option: --non-append - Replace the config file instead of appending this new config. -# -# If no argument provided, a standard directory will be use. /var/log/${app} -# You can provide a path with the directory only or with the logfile. -# /parentdir/logdir -# /parentdir/logdir/logfile.log -# -# It's possible to use this helper several times, each config will be added to the same logrotate config file. -# Unless you use the option --non-append -ynh_use_logrotate () { - local customtee="tee -a" - if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then - customtee="tee" - # Destroy this argument for the next command. - shift - elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then - customtee="tee" + ynh_clean_check_starting () { + # Stop the execution of tail. + kill -s 15 $pid_tail 2>&1 + ynh_secure_remove "$templog" 2>&1 + } + + echo "Starting of $service_name" >&2 + systemctl restart $service_name + + local i=0 + local templog="$(mktemp)" + + # Wait if the log file don't exist + if [[ ! 
-e $app_log ]] + then + for i in $(seq 1 $timeout) + do + if [[ -e $app_log ]] + then + cat $app_log > "$templog" + break + fi + echo -n "." >&2 + sleep 1 + done fi - if [ $# -gt 0 ]; then - if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile - logfile=$1 # In this case, focus logrotate on the logfile - else - logfile=$1/*.log # Else, uses the directory and all logfile into it. + + # Following the starting of the app in its log + tail -f -n1 "$app_log" >> "$templog" & + # Get the PID of the tail command + local pid_tail=$! + + for i in $(seq $i $timeout) + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_to_match" "$templog" + then + echo "The service $service_name has correctly started." >&2 + break fi - else - logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log + echo -n "." >&2 + sleep 1 + done + if [ $i -eq $timeout ] + then + echo "The service $service_name didn't fully started before the timeout." >&2 fi - cat > ./${app}-logrotate << EOF # Build a config file for logrotate -$logfile { - # Rotate if the logfile exceeds 100Mo - size 100M - # Keep 12 old log maximum - rotate 12 - # Compress the logs with gzip - compress - # Compress the log at the next cycle. So keep always 2 non compressed logs - delaycompress - # Copy and truncate the log to allow to continue write on it. Instead of move the log. - copytruncate - # Do not do an error if the log is missing - missingok - # Not rotate if the log is empty - notifempty - # Keep old logs in the same dir - noolddir -} -EOF - sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist - cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee) -} + + echo "" + ynh_clean_check_starting +} \ No newline at end of file 
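Review bot: ynh_check_starting fails open: when the loop reaches `$timeout` it only prints "didn't fully started" and still returns 0, so install, restore and upgrade finish as successful with a homeserver that never came up. Returning non-zero on that path (`return 1` after `ynh_clean_check_starting` has run) lets each caller decide whether to `ynh_die`. If `$app_log` still does not exist after the first wait loop, `tail -f` exits at once and `$i` has already used up the timeout, which ends in the same non-fatal message. `kill -s 15 $pid_tail` and `systemctl restart $service_name` should quote their arguments.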
diff --git a/scripts/backup b/scripts/backup index eed32e8..6c06abf 100644 --- a/scripts/backup +++ b/scripts/backup @@ -12,31 +12,32 @@ source ../settings/scripts/psql.sh # Retrieve arguments domain=$(ynh_app_setting_get $app special_domain) -final_path="/opt/yunohost/matrix-synapse" +final_path="/opt/yunohost/matrix-$app" # Copy Nginx config ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" # Backup synapse config -ynh_backup "/etc/matrix-synapse" "synapse_config" +ynh_backup "/etc/matrix-$app" "synapse_config" # Backup coturn server ynh_backup "/etc/turnserver.conf" "coturn_config" ynh_backup "/etc/default/coturn" "coturn_config_default" # Backup synapse database -ynh_backup "/var/lib/matrix-synapse" "data" 1 +ynh_backup "/var/lib/matrix-$app" "data" 1 # Backup Postgresql database sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql # Copy the logs -ynh_backup "/var/log/matrix-synapse" "log" -ynh_backup "/var/log/turnserver" "log_turnserver" +ynh_backup "/var/log/matrix-$app" "log" # Backup systemd service -ynh_backup "/etc/default/matrix-synapse" -ynh_backup "/etc/systemd/system/matrix-synapse.service" +ynh_backup "/etc/default/matrix-$app" +ynh_backup "/etc/systemd/system/matrix-$app.service" +ynh_backup "/etc/default/coturn-$app" +ynh_backup "/etc/systemd/system/coturn-$app.service" # Backup synapse binary ynh_backup "$final_path" "bin" \ No newline at end of file diff --git a/scripts/install b/scripts/install index 0332f6b..7a5cbef 100644 --- a/scripts/install +++ b/scripts/install 
@@ -13,27 +13,26 @@ source ./_common.sh # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN is_public=$YNH_APP_ARG_IS_PUBLIC -path="/_matrix" -final_path="/opt/yunohost/matrix-synapse" +path_url="/_matrix" +final_path="/opt/yunohost/matrix-$app" # Check domain/path availability -test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain." +test $(ynh_webpath_available $domain $path_url) == 'True' || ynh_die "$domain is not available as domain, please use an other domain." +test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain." # Check Final Path availability test ! -e "$final_path" || ynh_die "This path already contains a folder" # Ouvre le port dans le firewall synapse_tls_port=$(ynh_find_port 8448) -synapse_port=$(ynh_find_port 8008) +port=$(ynh_find_port 8008) turnserver_tls_port=$(ynh_find_port 5349) +turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) +cli_port=$(ynh_find_port 5766) yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 - -# Make dh cert for synapse if it not exist -test ! -e /etc/matrix-synapse/dh.pem && \ - mkdir -p /etc/matrix-synapse && \ - openssl dhparam -out /etc/matrix-synapse/dh.pem 2048 > /dev/null +yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1 # Find password for turnserver and database turnserver_pwd=$(ynh_string_random 30) 
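Review bot: The added `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` can never fail, because the `*` sits inside double quotes and is tested as a literal file name; a second instance can therefore be installed on a domain that already serves one. A real glob test does what was intended: `if compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null; then ynh_die "$domain is not available as domain, please use an other domain."; fi`. The three `yunohost firewall allow` calls send both stdout and stderr to `/dev/null`, so a port that failed to open goes unnoticed; keeping stderr would make that visible.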
@@ -41,21 +40,28 @@ synapse_db_pwd=$(ynh_string_random 30) # Enregistre les infos dans la config YunoHost ynh_app_setting_set $app special_domain $domain -ynh_app_setting_set $app special_path $path +ynh_app_setting_set $app special_path $path_url ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app synapse_version $APP_VERSION ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app synapse_port $synapse_port +ynh_app_setting_set $app synapse_port $port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port +ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port ynh_app_setting_set $app turnserver_pwd $turnserver_pwd +ynh_app_setting_set $app cli_port $cli_port + +# Make dh cert for synapse if it not exist +test ! -e /etc/matrix-$app/dh.pem && \ + mkdir -p /etc/matrix-$app && \ + openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null # Install all dependances install_dependances # Create user -ynh_system_user_create $synapse_user /var/lib/matrix-synapse +ynh_system_user_create $synapse_user /var/lib/matrix-$app adduser $synapse_user ssl-cert adduser turnserver ssl-cert 
@@ -74,14 +80,21 @@ cp ../conf/add_sso_conf.py $final_path cp ../conf/remove_sso_conf.py $final_path python $final_path/add_sso_conf.py -# Create systemd service -cp ../conf/default_matrix-synapse /etc/default/matrix-synapse -cp ../conf/matrix-synapse.service /etc/systemd/system/ +# Create systemd service for synapse and turnserver +cp ../conf/default_matrix-synapse /etc/default/matrix-$app +cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-$app.service +ynh_replace_string __APP__ $app /etc/systemd/system/matrix-$app.service + +cp ../conf/default_coturn /etc/default/coturn-$app +cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service +ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service + systemctl daemon-reload -systemctl enable matrix-synapse.service +systemctl enable matrix-$app.service +systemctl enable coturn-$app.service # Config nginx -config_nginx +ynh_add_nginx_config # Configure Synapse config_synapse @@ -90,15 +103,14 @@ config_synapse config_coturn # Configuration de logrotate -ynh_use_logrotate /var/log/matrix-synapse -ynh_use_logrotate /var/log/turnserver +ynh_use_logrotate /var/log/matrix-$app # Set Permission for all directory set_permission # register yunohost service -yunohost service add matrix-synapse +yunohost service add matrix-$app -# Recharge la configuration Nginx -systemctl restart matrix-synapse.service -systemctl restart coturn.service +# Reload service +systemctl restart coturn-$app.service +ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60 diff --git a/scripts/psql.sh b/scripts/psql.sh index 9789a29..286e60f 100644 --- a/scripts/psql.sh +++ b/scripts/psql.sh @@ -117,7 +117,6 @@ ynh_psql_drop_user() { su --command="dropuser \"${user}\"" postgres } - ynh_psql_test_if_first_run() { if [ -f /etc/yunohost/psql ]; then diff --git a/scripts/remove b/scripts/remove index 108e09f..ccfcfc2 100755 --- a/scripts/remove +++ b/scripts/remove 
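Review bot: The readiness string passed to `ynh_check_starting` hard-codes port 8448, but `synapse_tls_port` comes from `ynh_find_port 8448` and will differ for a second instance. The match cannot succeed there, and the script waits out the 60 s timeout without confirming the service. Use the stored value instead: `ynh_check_starting "Synapse now listening on port $synapse_tls_port" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60`. The same literal appears in the last hunks of scripts/restore and scripts/upgrade.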
@@ -15,20 +15,17 @@ domain=$(ynh_app_setting_get $app special_domain) final_path=$(ynh_app_setting_get $app final_path) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) -systemctl stop matrix-synapse.service || true -systemctl stop coturn.service || true - -# Suppression de la configuration nginx -ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" -systemctl reload nginx.service +systemctl stop matrix-$YNH_APP_INSTANCE_NAME.service || true +systemctl stop coturn-$app.service || true # Close firewall ports closeport() { if yunohost firewall list | grep -q "\- $port$" then echo "Close port $port" - yunohost firewall disallow TCP $port > /dev/null + yunohost firewall disallow Both $port > /dev/null fi } @@ -36,6 +33,8 @@ port=$synapse_tls_port closeport port=$turnserver_tls_port closeport +port=$turnserver_alt_tls_port +closeport # Remove the skipped url python $final_path/remove_sso_conf.py 
@@ -45,29 +44,30 @@ ynh_remove_app_dependencies || true # Clean all directory ynh_secure_remove $final_path -ynh_secure_remove /var/lib/matrix-synapse -ynh_secure_remove /var/log/matrix-synapse -ynh_secure_remove /var/log/turnserver -ynh_secure_remove /etc/matrix-synapse -ynh_secure_remove /etc/default/matrix-synapse +ynh_secure_remove /var/lib/matrix-$YNH_APP_INSTANCE_NAME +ynh_secure_remove /var/log/matrix-$YNH_APP_INSTANCE_NAME +ynh_secure_remove /etc/matrix-$YNH_APP_INSTANCE_NAME +ynh_secure_remove /etc/default/matrix-$YNH_APP_INSTANCE_NAME +ynh_secure_remove /etc/default/coturn-$YNH_APP_INSTANCE_NAME + +# Remove nginx config +ynh_remove_nginx_config # Remove systemd service -systemctl disable matrix-synapse.service -ynh_secure_remove /etc/systemd/system/matrix-synapse.service +systemctl disable matrix-$YNH_APP_INSTANCE_NAME.service +systemctl disable coturn-$YNH_APP_INSTANCE_NAME.service +ynh_secure_remove /etc/systemd/system/matrix-$YNH_APP_INSTANCE_NAME.service +ynh_secure_remove /etc/systemd/system/coturn-$app.service systemctl daemon-reload # Remove database and user ynh_psql_remove_db $synapse_db_name $synapse_db_user # Remove user -ynh_system_user_delete matrix-synapse +ynh_system_user_delete matrix-$YNH_APP_INSTANCE_NAME # Remove logrotate ynh_remove_logrotate # Remove Monitoring -yunohost service remove matrix-synapse - -# Reload nginx -systemctl reload nginx.service - +yunohost service remove matrix-$YNH_APP_INSTANCE_NAME diff --git a/scripts/restore b/scripts/restore index 8b2b0a2..3e07786 100644 --- a/scripts/restore +++ b/scripts/restore 
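Review bot: This hunk spells the instance name several ways (`matrix-$YNH_APP_INSTANCE_NAME`, `coturn-$app`, `$synapse_db_name`), although scripts/_common.sh sets `app=$YNH_APP_INSTANCE_NAME` and `synapse_user="matrix-$app"`. Assuming remove sources _common.sh, as its use of `$app` suggests, using `$app` and `$synapse_user` throughout (for example `ynh_system_user_delete $synapse_user`) keeps the removed paths visibly identical to the ones install created. The arguments to `ynh_secure_remove` are unquoted; quoting them is cheap insurance in a script that deletes directories.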
@@ -12,27 +12,29 @@ source ../settings/scripts/psql.sh # Retrieve arguments domain=$(ynh_app_setting_get $app special_domain) -path=$(ynh_app_setting_get $app special_path) +path_url=$(ynh_app_setting_get $app special_path) final_path=$(ynh_app_setting_get $app final_path) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) is_public=$(ynh_app_setting_get $app is_public) -synapse_port=$(ynh_app_setting_get $app synapse_port) +port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) # Check domain/path availability -ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain." +ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain." # Ouvre le port dans le firewall yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 +yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1 # Install all dependances install_dependances # Create user -ynh_system_user_create $synapse_user /var/lib/matrix-synapse +ynh_system_user_create $synapse_user /var/lib/matrix-$app adduser $synapse_user ssl-cert adduser turnserver ssl-cert 
@@ -56,19 +58,18 @@ su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql # Enable systemd service systemctl daemon-reload -systemctl enable matrix-synapse.service +systemctl enable matrix-$app.service # Configuration de logrotate -ynh_use_logrotate /var/log/matrix-synapse -ynh_use_logrotate /var/log/turnserver +ynh_use_logrotate /var/log/matrix-$app # Set the permission set_permission # register yunohost service -yunohost service add matrix-synapse +yunohost service add matrix-$app -# Reload webserver +# Restart service systemctl reload nginx.service -systemctl restart matrix-synapse.service -systemctl restart coturn.service +systemctl restart coturn-$app.service +ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60 diff --git a/scripts/upgrade b/scripts/upgrade index 00526aa..46a7438 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
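Review bot: Restore enables only `matrix-$app.service`; the hunk restarts `coturn-$app.service` but never runs `systemctl enable coturn-$app.service`, which install and upgrade both do. Unless the enable symlink is restored elsewhere in the script (the part before this hunk is not visible), the TURN service will not come back after a reboot. The settings block in the previous hunk also reads `turnserver_alt_tls_port` but not `cli_port`, which matters if restore ever regenerates coturn.conf through config_coturn.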
@@ -12,15 +12,17 @@ source ./_common.sh # Retrieve arguments domain=$(ynh_app_setting_get $app special_domain) -path=$(ynh_app_setting_get $app special_path) +path_url=$(ynh_app_setting_get $app special_path) final_path=$(ynh_app_setting_get $app final_path) synapse_old_version=$(ynh_app_setting_get $app synapse_version) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) is_public=$(ynh_app_setting_get $app is_public) -synapse_port=$(ynh_app_setting_get $app synapse_port) +port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) +cli_port=$(ynh_app_setting_get $app cli_port) # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]] @@ -28,7 +30,7 @@ then ynh_die "Update from this synapse version is not available now. You need to wait for the next update." fi -systemctl stop matrix-synapse.service +systemctl stop matrix-$app.service if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]] then @@ -45,11 +47,11 @@ then ## We move from debian package to new package with python virtualenv # Change settings - path="/_matrix" + path_url="/_matrix" domain=$(ynh_app_setting_get $app domain) final_path="/opt/yunohost/matrix-synapse" ynh_app_setting_set $app special_domain $domain - ynh_app_setting_set $app special_path $path + ynh_app_setting_set $app special_path $path_url ynh_app_setting_set $app final_path $final_path ynh_app_setting_delete $app domain ynh_app_setting_delete $app path 
@@ -91,7 +93,8 @@ then systemctl disable matrix-synapse.service cp ../conf/default_matrix-synapse /etc/default/matrix-synapse - cp ../conf/matrix-synapse.service /etc/systemd/system/ + cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service + ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service systemctl daemon-reload systemctl enable matrix-synapse.service 
@@ -125,23 +128,52 @@ then deactivate fi -# If the turnserver log is not ready configured we configure it now -test -e /var/log/turnserver || (mkdir -p /var/log/turnserver && ynh_use_logrotate /var/log/turnserver) +# Disable default config for turnserver and create a new service +if [[ ! -e /etc/matrix-$app/coturn.conf ]] +then + systemctl stop coturn.service + + # Set by default the system config for coturn + echo "" > /etc/turnserver.conf + ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn + + # Set a port for each service in turnserver + turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) + cli_port=$(ynh_find_port 5766) + + ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port + ynh_app_setting_set $app cli_port $cli_port + + yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1 + + # Configure systemd + cp ../conf/default_coturn /etc/default/coturn-$app + cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service + ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service + + systemctl daemon-reload + systemctl enable coturn-$app.service + + # Clean logrotate file for all old instances + ynh_remove_logrotate + ynh_use_logrotate /var/log/matrix-$app +fi # Fix issue about certificates access -if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-synapse" /etc/group) ]] +if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]] then adduser $synapse_user ssl-cert adduser turnserver ssl-cert fi -test -e /etc/matrix-synapse/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem +# If we don't have the dh file in synapse config dir we copy it +test -e /etc/matrix-$app/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem # Upgrade manually Synapse install_source # Update nginx config -config_nginx +ynh_add_nginx_config # Configure Synapse config_synapse 
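Review bot: `echo "" > /etc/turnserver.conf` truncates the system-wide coturn configuration with no copy kept, and `TURNSERVER_ENABLED=0` disables the distribution service; anything else on the host that relied on that coturn loses its settings during this upgrade. Moving the file aside first, e.g. `mv /etc/turnserver.conf /etc/turnserver.conf.bak-$app` with its mode restricted since it holds the old TURN secret, makes the migration reversible. If the script runs with errexit, `systemctl stop coturn.service` aborts the upgrade when the unit is absent, so `|| true` as used in scripts/remove may be wanted.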
@@ -155,7 +187,7 @@ set_permission # Set new settings ynh_app_setting_set $app synapse_version $APP_VERSION -# Recharge la configuration Nginx -systemctl reload nginx.service -systemctl start matrix-synapse.service -systemctl restart coturn.service +# Restart service +systemctl restart coturn-$app.service +ynh_check_starting "Synapse now listening on port 8448" "matrix-$app" "/var/log/matrix-$app/homeserver.log" 60 +